ClamAV For Windows Open Beta Begins

An anonymous reader writes "The public beta for ClamAV for Windows 3.0, which includes full integration of the ClamAV engine into the Immunet Protect product, is now open. If you are interested in playing with ClamAV for Windows 3.0, please see these forums. 32-bit and 64-bit versions are available for download. ClamAV for Windows should not be confused with ClamWin, a separate project."

Huh...

[amnesiacopera]

Will it run on Windows 3.1 as well?

Re:

[Anonymous Coward]

himem.sys is what allows you to load stuff into extended memory, thereby providing more free conventional memory. You would never need to make extra space for it.

Re:

[Anonymous Coward]

himem.sys is the first driver to be loaded if you are planning to use XMS at all. Only a fool would load a bunch of drivers into conventional memory before loading himem. A typical config.sys using XMS would look something like this.

device=C:\himem.sys
dos=high,umb
devicehigh=c:\bin\d011v109.sys /D:MSCD001 /M:1
devicehigh=c:\zansi.sys
files=20
buffers=40
lastdrive=e

Nobody who knew anything about DOS would ever try to load those other drivers (in this case, CD-ROM and ANSI drivers) before loading

Re:

[black6host]

Not only that but you can peek and poke to get just the perfect color scheme :)

Re:

[BatGnat]

If you want the most space use QEMM.

But seriously, upgrade to OS/2 Warp will you....

Wrong way around.

[BrokenHalo]

A way cooler project might be to backport all those nice new viruses to run on Windows 3.x. Just think of all those people who are missing out.

Re:

[antdude]

Nah, Windows for Workground v3.11 and Windows 3.2 [wikipedia.org]. ;)

Re:

[atisss]

I gues, it says it supports 32bit, so that should be pretty obvious. I wonder about 16bit version however.. As Windows 3.0 binaries should be compiled in 16 bit, and it's not released (only 32bit and 64bit huh), how it's going to run?

Editing mistake?

[froggymana]

From TFA "ClamAV 3.0 for Windows Open Beta", not "ClamAV for Windows 3.0" as the summary states.

Re:

[Shikaku]

It's not incorrect to say ClamAV for Windows 3.0, but it's much less confusing to say ClamAV 3.0 for Windows.

Re:

[froggymana]

ClamAV for Windows 3.0 would be correct if it were for that specific version of Windows, but it is referring to the version of ClamAV which runs on an unspecified version of Windows.

Re:

[mehrotra.akash]

It gets confusing ..
is it
(ClamAV for Windows) 3.0
OR
ClamAV for (Windows 3.0)

Re:

[froggymana]

Oh that makes more sense... People need to learn to use grouping parenthesis more often in their writing/typing :)

Re:

[noidentity]

If the name of the product were "ClamAV for Windows", then it would be correct, though confusing, to call it ClamAV for Windows 3.0.

Re:

[Atti K.]

Yeah, cause it would make so much sense to make an antivirus for Windows 3.0... In 2010, that is.

Re:

[BlueScreenO'Life]

Yeah, cause it would make so much sense to make an antivirus for Windows 3.0...

Yeah that's right. Just run it under DOS 6.22, which comes with its own antivirus msav.exe.

What is the Immunet product and why should we risk

[Anonymous Coward]

Could someone enlighten us what the Immunet product is? Their web page is so full of cloud computing and other buzzwords that I can't see what's different from other vendors tools

Re:

[Spad]

The Immunet Community has over 0 members protected from 0 threats.

Whatever it is they do, the Immunet Community appears to rely too much on Javascript.

Re:

[godefroi]

All I could find is that it gives you "the advanced protection of the cloud". That sounds really awesome, and I think I must need it desperately. Probably you too.

Re:

[kc0re]

Immunet is a lightweight client that runs on the Desktop, the AV is done "in the cloud" as opposed to running a gigantic fat client and downloading daily updates. As a result, it's faster, adapts faster, and allows for worldwide correlation.

Re:

[badkarmadayaccount]

Sounds like the perfect datamining operation... I wonder if they are gonna go Google and make it a free service, and sell analytics data. That would be a great business model, if they have a decent privacy policy. Hell, I think you could try the same trick and OEM Ubuntu machines, and have click-through EULA during the configuration phase (not too convulted, we want to be fair now - the lusers won't even glance at it anyway). Send tracking data for a limited period (and make tracking removal reasonably easy

Re:Clam. What's that?

[KugelKurt]

An anti virus application for Windows 3.0

Re:

[KugelKurt]

No, they run Windows 3.11 because they require that "for Workgroups" feature.

Re:

[Atti K.]

Yeah, some mod could mod this funny, but it's actually sad but true... for some older ATMs at least. Nowadays I see quite a few running XP (you can see that on the back screen, if the ATM is in a place where you can see its back). But a few years ago I've seen a crashed ATM and it had plain MS-DOS. Then I remembered that I've used once an ATM of that particular bank, and that it seemed to me that the fonts looked just like the BGI fonts (Borland Graphics Interface - those who used Borland Pascal/C++ during

Re:

[neumayr]

I thinks it's sadder when an ATM runs XP. Those things handle sensitive data and should be kept as simple as possible, as more code always implies more bugs, no matter who's code it is.

An ATM running DOS would generally feel more trustworthy to me than one running XP.

Re:

[neumayr]

Why wouldn't it be? The application takes only very well defined input and the hardware is known. I don't see any problems.

Re:

[AmiMoJo]

Cost is what drives it. ATMs need network support and the banks want a flashy graphical/animated interface that advertises their shit. You could implement all that on an embedded system but it would take longer and cost more money to do, so the developers just throw XP on and figure that since the system is physically secured with a key and only ever connects to the ATM network and not the wider internet any security concerns are nullified.

In reality that isn't the case, of course.

I have a similar problem i

Re:

[kc0re]

ClamAV is an opensource Antivirus program.

On Slashdot? Really?

[neumayr]

Sure, it's something to make fun of, Windows 3.0 and all that. But advertising an anti virus product beta on Slashdot's main page? C'mon.

ClamAV is a big deal

[iYk6]

ClamAV is an open source anti-virus. That's a pretty big deal, considering it is the only one. Or at least, the only one that is complete and still maintained.

Were you being sarcastic, or did I miss a joke?

Re:

[neumayr]

It's an open source product? Okay, then I guess I see the relevance. Sorry, my bad.

They could have mentioned that in the summary though..

Re:

[ziggyzaggy]

oh no! and here I thought redmond was just being slow making my source printout request as per GPL 2. You really know how to pop someones bubble. Now what am I going to do about my nifty custom .bat file with included Windows 2008 Server R2 that's been so popular on megaupload?

Re:ClamAV is a big deal

[rubycodez]

ClamAV's main use is the Unix/Linux/BSD version for running on mail servers, but it also has the cool mode of scanning directory trees on a samba file servers for Windows clients. The virus definition databases it uses are updated multiple times a day and are automatically downloaded. I have several customers that have been using it for years, it does catch the bad wares and moves bad files to a holding directory. It understands the common archival and compression, executable, and document formats.

http://www.clamav.net/lang/en/about/ [clamav.net]

Re:

[black6host]

I assume you're using it to scan files on a predetermined schedule? If so, obviously you would not be able to comment on real time protection (upon file access.) I take it you're satisfied though with the scanning and detection abilities. Please correct me if I'm wrong. This (CLAMAV for Windows) piques my curiosity though as currently I use, and some of my clients as well, MS Security Essentials. This is ok in a business environment with 10 or fewer computers but some of my clients, who can't afford at t

Re:

[rubycodez]

correct that file scans are scheduled, but that fits with the clients use of batch reception of scanned and pdf medical documentation.

They use a multi-tiered approach to security that also includes Fortigate and the free AVG windows client.

Re:

[black6host]

The Fortigate looks good at first blush (haven't used one personally.) I've become rather not fond of AVG, I got more support calls from family who I used to recommend AVG to, related to AVG, than anything else. Mostly, the update nagging and seemingly absolutely immediately required upgrades to the latest, greatest version. That plus every time I used to instruct them on how to download it they were always tripped up by all the BS that came along with the download page. Really unobtrusive free download

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[ancientt]

The article is not about ClamWin but it is a related product. It is mentioned in the summary, but I have some experience with it and can at least tentatively recommend it. ClamWin uses ClamAV resources but was designed to run on Windows and is somewhat mature. It can work with centralized updates, email notices upon virus detection and runs on any likely version of Windows. It has a plug-in for Outlook and is integrated into Explorer, though I'm not sure it does on-access scanning. (It didn't in the past, b

Re:

[black6host]

First, I think you took my part about access a bit too literally. Of course files should be scanned upon first encounter. Second, if files get on a system with a new exploit that hasn't hit the virus def file yet, I'd rather it get caught at some point, and in the real time protection scenario it will be picked up on access if it's not caught sooner (provided the virus defs have been updated to pick it up.)

Lastly, no need for swearing and all those caps. One can make a point without doing so and polite d

Re:

[tgd]

And? MS Security Essentials is a zero-cost option as long as the OS isn't pirated.

If you're not in a free-as-in-whatever-the-OSS-people-are-calling-free-like-beer-or-whatever OS, why do you need AV that is?

Not sure I get it. I can totally buy an OSS virus scanner for an OSS OS, or an OSS virus scanner for a non-OSS OS that has no free options, but Windows has a free option that comes from the people who wrote the OS.

Re:

[beardz]

And? MS Security Essentials is a zero-cost option as long as the OS isn't pirated.

It's a zero cost option even if the OS is pirated.

Re:

[melstav]

Microsoft pushes "Critical" security updates for their software so frequently it isn't funny. And that's not even taking into account vulnerabilities they go out of their way to actively keep quiet [slashdot.org]. Do you REALLY want to trust *THEM* to provide you with the software that's supposed to keep the *rest* of their library secure?

Re:

[QuoteMstr]

Oh, for fuck's sake, have you seen LWN's "security" page? Every week, there's some remote code execution vulnerability or another. At least distributions regularly push updates --- Apple usually waits for its next minor release. I'm sick and tired of this puerile and reflexive Microsoft-bashing.

Re:

[asdfghjklqwertyuiop]

The joke is that virus scanners in general tend to be jokes.

Re:

[bcmm]

ClamAV is an open-source AV system. The reason a Windows version is news is that it's usually run on Linux systems, especially mail servers.

Will it run on ReactOS?

[Anonymous Coward]

People waiting to follow the only worthy upgrade from XP want to know ;)

Re:Will it run on ReactOS?

[AndGodSed]

Well, first you have to get ReactOS to run...

Re:

[KugelKurt]

Oh no, I was just about to insert the first of my Win3.0 720Kb setup floppies to give ClamAV a spin.

Re:

[ffreeloader]

Yeah, having to use Google to figure out something you don't know is so hateful and discriminatory.... ;)

Re:

[Teun]

What's this google?

Re:

[grcumb]

What's this google?

Same as that Google, only closer.

Re:

[ziggyzaggy]

you're a bit ambiguous yourself, are your "regular clams" the underwater or bearded variety, i.e. are you buttering and tasting marine bivalves or vulvas?

ClamAV engine poor at general malwre detection

[throwaway18]

The clamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any forum of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

The ClamAV engine may be good at email scanning but that does not mean it is good for general malware scanning. Clamwin, which uses the clamAV engine in a general windows malware/virus scanner has very poor detection compared to the top few antivirus packages (Eset Nod32, AVG, kaspersky, avira paid version, panda).

Malware delivered via the web is the main source of the epidemic of crap on the windows platform these days. In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.

I do nearly all my browsing in windows virtual machines. The basic firefox only VM is little trouble. A vm with flash player, Sun java, acrobat reader, dotnet addon etc results in the "whats all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.

Over that last year I'v uploaded a couple of dozen malware .exe's from the web to virustotal, (mostly attempts to exploit user ignorance that didn't getting running on my machine eg desirable-file.pdf.exe). I keep the exe's and check how long it takes for AV companies to add detection. Kaspersky and AVG usually add detections within 36 hours, avira is usually "next day" provided next day is monday-friday.
Half the time Clamwin does not detect the malware and typically takes a couple of weeks to start detecting my sample if they get it at all.
I have little confidence in another package using the clamAV engine doing any better.

Also the ony real cleanup response for malware arriving by email is 'delete', removing malware that has installed itself into windows takes much more work. A of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.

Re:ClamAV engine poor at general malwre detection

[Frosty Piss]

The clamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any forum of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

Maybe end users WANT the freedom to be able to attach executables? Who says all email users (or even most) are like you?

Now, of course, I'm not talking about the rubes that clicky on any linky or attachment in their email, but you know, *I* want the ability to send *any* type of file I choose to a recipient that might be expecting said file...

Re:ClamAV engine poor at general malwre detection

[mspohr]

And unfortunately, the range of attachments which can be considered "executable" (on Windows) is very large. I recently encountered a company that would not accept a PDF file email attachment because of the perceived danger. No doubt the danger is real on Windows but this should prompt some more intelligent countermeasures (such as better pdf readers, virus detection, or getting rid of Windows).

Re:

[Lennie]

Judging by a recent 27c3-presentation, I have some doubts a good PDF reader actually exists. The format is such a mess I can't believe it:

http://www.youtube.com/watch?v=54XYqsf4JEY [youtube.com]

Re:

[aztracker1]

The holes are in the Adobe Acrobat Reader, and exist on linux as well whenusin adobe's reader, which many on linux don't, just the same, the security hole isn't only in windows.. also, you can run a botnet node in user space on linux too.

Re:

[mspohr]

Yeah, it is theoretically possible to run a botnet in userspace in Linux and there was even an actual botnet that attacked some Linux based modems a few years ago using their default passwords. However, perhaps because it requires exceptional stupidity on the part of users (and their lack of access to root), there aren't any actual botnets in the wild running on Linux. Just happy the I run Linux and Mac and don't have to worry about malware. I'm happy to leave the malware battles to the Windows users.

Ju

Re:

[aztracker1]

Well, the several million macs out there running as bot nodes would disagree with at least a portion of that statement. I'm not disagreeing that windows has a lot more virus issues... and has a history of poor security... However, I would say that the largest reason behind this is the compatibility of windows versions and market share that has been the leading driver behind this... As mac usage has risen a bit, so it too has become a malware target...

Though most mac malware comes from pirate software p

Re:

[Anonymous Coward]

I work for a manufacturing software company and we deliver products by email every day. We rarely have a problem because very few email systems mindlessly delete all executable attachments.

Re:

[Sulphur]

I'm posting AC cause I work for a large three lettered software company.

FUD Inc?

Re:ClamAV engine poor at general malwre detection

[bcmm]

These days any sensibly configured email system deletes all email with any forum of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.

Re:

[snowgirl]

Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.

So, now here comes the interesting tidbit of pedantry. A .doc file cannot, I repeat cannot, contain a macro.

What can contain macros are .dot files, or document templates. The problem is that .dots are virtually identical to .docs, and if you take a .dot and rename it with a .doc extension it will be indistinguishable from a proper .doc file, thus all these macro viruses spread by parading document templates as simple documents. If Word were just smart enough to recognize that it is opening a document tem

Re:

[fishexe]

Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.

So, now here comes the interesting tidbit of pedantry. A .doc file cannot, I repeat cannot, contain a macro.

Are you sure [wikipedia.org]?

What can contain macros are .dot files, or document templates. The problem is that .dots are virtually identical to .docs, and if you take a .dot and rename it with a .doc extension it will be indistinguishable from a proper .doc file, thus all these macro viruses spread by parading document templates as simple documents. If Word were just smart enough to recognize that it is opening a document template with the extension of ".doc" and throw up an error/warning message, macro viruses would hardly be a problem.

So how come when i add a macro and hit save, it directly produces a doc that contains a macro? I admit it's been a lot of years since I've done this, but I've never renamed a .dot to .doc or anything like that, yet I've opened up documents to which I've added macros and, lo and behold, the macros were still in there.

Re:

[snowgirl]

Are you sure [wikipedia.org]?

Hm... not entirely sure, I don't do anything with MS Word anymore really. Although, this most certainly was the case back in 1995~98. (I wrote a concept Word macro virus and had to figure this out to make it work.)

Re:

[bcmm]

OK, so a genuine Microsoft Word document might not hold macros, but a .doc file most certainly can.

I know it's not the intended use, but as you say, a file ending .doc can contain any format recognised by Word and work as expected. This is in semi-common use for communicating with idiots who accept only Word documents, since Word will accept plain-text or RTF, which are both much easier to work with.

Re:

[snowgirl]

This is in semi-common use for communicating with idiots who accept only Word documents, since Word will accept plain-text or RTF...

OMG, that is just an incredible idea, lol!

Re:

[bigstrat2003]

a Word macro can make arbitrary win32 API calls

What the hell? I'm no security expert, but even I recognize what a terrible idea that is. Has Microsoft ever offered any justification for this one?

Re:

[bcmm]

Personally I think it's great. Back when I was in 6th form, they had computers with cheap CRT monitors, all set, out of laziness, at Windows's default mode, which was 1024x786 at 50Hz - OK for some, but a quick way to get a migraine for me. They'd locked them down in various ridiculous ways, including no display settings or running executables from anywhere you can write to, so I used a Microsoft Word macro to change the resolution and refresh rate. Insanity, I know...

Re:

[neumayr]

Wow. You sure are a malware magnet. Luckily it seems to fit your hobby.

Please be aware not everyone gets attacked as much as you do and the kind of organization you wield to protect yourself would be overkill for most people.

Re:

[nurb432]

In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.

So YOU are that guy..

Re:

[fishexe]

A of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.

But what about B of people? We can't all be A-listers, you know.

Re:

[SheeEttin]

A vm with flash player, Sun java, acrobat reader, dotnet addon etc results in the "whats all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.

Why not just make one known-good VM, then use whatever that feature is that discards any changes on shutdown? (I know VirtualBox has one, dunno about others.)

Not getting it.

[Khyber]

Just repaired a computer that had ClamAV installed.

It missed multiple trojans that Microsoft Security Essentials found.

Re:

[mick232]

It's not enough to install it. You actually have to use it and keep it up-to-date!

Re:

[anomaly256]

It has been my experience as well that clamAV and variants of it are in practice useless. Like, totally useless. I've never, ever, seen clam* successfully detect anything at all, even when up to date and used often. Even when pointed *directly at a known infected file with incredibly common malware/virii/whatever* it'll still say it's clean. When packages like that awful and bloated Nortons do a better job, I'm tempted to call clam* an outright hoax. Fire up avast!, detects it. McAffee, detects it. N

Re:

[Khyber]

It was fully updated and was ran before installing and running MSE, I did that myself to confirm viability of the installed anti-virus software.

It still missed simple shit from a year or more ago.

Sloooooowwwww.....

[ArchieBunker]

Scanning files with ClamWin is about as fast as reading them yourself with a hex editor. I use Avast.

I had no idea

[Beelzebud]

that there was a 64 bit version of Windows 3.0!

Re:

[Teun]

That's why we come here, to learn.

Re:

[Sulphur]

that there was a 64 bit version of Windows 3.0!

It failed because of 64 bit viruses.

How is this different from ClamWin?

[Andrioid]

I've been using ClamWin (http://www.clamwin.com) for years without any problems. Does anyone know the difference?

Re:

[Nocturna81]

As far as I can tell, ClamAV is the "engine" and ClamWin is the frontend

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[kc0re]

It IS in this product.

Re:Windows 3.0 - 64bit

[TheRaven64]

I ran Windows NT 4 on a P166, dual-booting with DOS for games. I installed Windows 3.11 in DOS and it was amazingly fast, although running something designed for a 640x480 (16 colour!) display on a 1024x768 screen made it look a bit strange. Running on a modern system would probably be so fast that you'd barely have time to see the UI before you got the first general protection fault...

Re:

[Khyber]

I think it more likely you hit a divide overflow before you see a GPF.

Re:

[snowgirl]

I ran Windows NT 4 on a P166, dual-booting with DOS for games. I installed Windows 3.11 in DOS and it was amazingly fast, although running something designed for a 640x480 (16 colour!) display on a 1024x768 screen made it look a bit strange. Running on a modern system would probably be so fast that you'd barely have time to see the UI before you got the first general protection fault...

I've been stuck with an interesting dilemma a few times, where I installed a new hard drive into my netbook. Problem is, how do you install the OS? Well, the best option I had available at the time was to boot over the network with a virtual floppy and install DOS 7.0 on the machine. With that, I was actually able to at one point install Win 3.11, but the problem was that none of the drivers worked for the newer hardware, and the hardware had lost enough backwards compatibility to make the drivers that d

Re:

[TheRaven64]

Are you sure? You probably have a setting for SoundBlaster emulation in the BIOS (I think it's not enabled by default now, because most stuff expects an AC97 interface, but it's possible to enable). Windows 3.1 also supported SVGA via VESA, which I think all modern graphics cards still support, although it didn't select that driver automatically. You won't get any hardware acceleration, but given that software drawing was fast enough on a 16MHz 386, that's probably not a problem...

Re:

[snowgirl]

Well, it's a netbook... so the BIOS has hardly any options at all.

As for the SVGA via VESA, the problem is that Windows 3.1 uses VESA 1, or at least before VESA 2, which really just put up a standard that people can write drivers to support... I don't remember the details, but suffice it to say, things were horribly ill supported.